Posted by timothy on Tuesday July 02, 2002 @07:59PM from the ants-are-everywhere dept.

Slashback tonight with another round of updates and errata regarding recent Slashdot stories. Read on for more on domain slamming, the process behind fixing and revealing the recent OpenSSH vulnerability, early photography, and a special note for residents of Maricopa County, Arizona.

Quick work by smart people.
ciaweb writes "The OpenSSH group has revised its security advisory about the recent OpenSSH vulnerabilities. In it, they describe their decision-making process for releasing the bug information. It is interesting to contrast their procedure, which appears designed to maximize user protection, against Microsoft's, which appears to maximize Microsoft's protection."

Pardon me, sir, would you mind if I SLAMMED THIS HAMMER ON YOUR FINGERS?!
D0wnsp0ut writes "I thumbed through my mail today and found what appeared to be a renewal notice for my domain. This one came from "Domain Registry of America." Verisign attempted something similar back in March and Bulkregister.com fought back and won an injunction against the mailings. So watch out if your domain is getting close to expiring. I talked to my registrar (Register.com) and they're aware of it.
I'll scan the letter but have no place to post the pictures. Can anyone lend some bandwidth?"

Half the world has never eaten a Krispy Kreme donut, either.
cshirky writes "I've just written an essay on the phrase 'Half the world has never made a phone call'. It's more 'voice telephony-y' than the usual telecom stories here, but after seeing the interest in media and the market that surfaced during my /. interview, I thought it might be of some interest."

You recently inquired about the County's use of Microsoft products and
the manner in which we license their software. We appreciate your
interest in the County's technology plans. To provide a forum in
which to discuss our technology direction and address any questions
you may have, we will have Information Technology staff members
available to meet with citizens at 8:30 am on Monday July 8th. The
meeting location will be the County Administration Building at 301 W.
Jefferson in Suite 420. Please RSVP your attendance so we can ensure
that adequate facilities are available for the meeting.

Ah, but what about the first annoying family photographer?
7h3_B055 writes: "Contrary to this article
on Slashdot claiming the first
photograph was created in 1826, much evidence
is pointing to the fact that the Shroud of Turin may have been an earlier example
(substantially earlier) of photography using ingredients as basic as egg-white
for treating cloth (the photopaper) and urine
for developing it. The camera itself could have been a simple box with a hole
in it and the exposure time would have been lengthy."

Of course, there are a lot of theories about the Shroud of Turin, and a google search is likely to intrigue you for days.

Well it is a county in Arizona... the state with the only openly Pro-Pot representative that I know. It certainly wouldn't work in PA, they're still discussing whether the Amish should be required to put little orange triangles on the back of their buggies.

If I offended any other Pro-Pot politicians, I'm sorry. If I offended any Amish people, what the heck are you doing reading this? Shame on you, Brother Jebbediah!

You're obviously not a parent. Policing your children? Duh! Hello! McFly!?! That's what parenting is. What, you think kids are born knowing right from wrong, and parents are just supposed to stay out of the way and occasionally put food on the table? What friggin' world are you living in???

When will people realise that the way to help your child grow up safely is not to forbid things

Gee, maybe the same time they realise that if a pair of minors wants to have unprotected sex, then that's their business. I.e., NEVER, HOPEFULLY, BECAUSE YOU'RE TALKING FUCKING STUPID.

Hey Genius, we're talking about minors here, doing illegal things. It's one thing if you want to try and make a point about the futility of the war on drugs among adults, and the government's assault on civil liberties by trying to regulate activities exclusive to one or more consenting grown ups, but geez, kid, get your head out of your ass and use some common sense. We're talking about kids here. I know in your little fantasy world it's the 10-year-olds who are hacking out the planet-saving patches keeping this fragile society together, while the Ph.d educated engineers at Microsoft scratch their heads in awe, so this may surprise you: kids DON'T know it all. Kids need guidance. They need discipline. And, to borrow a phrase from my father, as long as you're living under my roof, eating my food, and using my phone, you're going to follow MY RULES

Good Lord man, you take this all kids are good and can be trusted thing too far.

Word up, brother. In fact, I just ranted about this myself. If I may quote myself, "Where does this bullshit come from that 'they're just going to do what they're going to do anyway, and there's no way to stop them, so you might as well let them do whatever they want'?".

I know in your little fantasy world it's the 10-year-olds who are hacking out the planet-saving patches keeping this fragile society together, while the Ph.d educated engineers at Microsoft scratch their heads in awe

What the fuck are you talking about? Who said anything about patches, or little kid geniuses or anything like that?

Were you even reading my post? The fact is you cannot stop your children from doing things they want to do. You know this. Your parents tried it, and you did them anyway. So did your friends. All I said was that reading your children's diary (a lot of my female friends had parents who liked to do this), reading his email, listening in on his phone calls, and stealing his pager and deciphering his "code talk" are not the way to go about things.

Policing children is not what parenting is about. Parenting is about _RAISING_ children, and teaching them: teach them how to make their own decisions about what's right and what's wrong, because by the time their decisions are life-threatening (unprotected sex, dui, drugs) they're going to make their own decisions whether you like it or not. Telling them what to do and what not to do is of course good - expecting them to do it "because I said so" is a fruitless and potentially damaging way of things.

Kids need guidance. They need discipline

I never said otherwise. And I never said kids can be trusted to do the right thing. But that doesn't make it right to go through their personal things looking for evidence just in case.

Hey Genius, we're talking about minors here, doing illegal things. It's one thing if you want to try and make a point about the futility of the war on drugs among adults, and the government's assault on civil liberties by trying to regulate activities exclusive to one or more consenting grown ups, but geez, kid, get your head out of your ass and use some common sense. We're talking about kids here. I know in your little fantasy world it's the 10-year-olds who are hacking out the planet-saving patches keeping this fragile society together, while the Ph.d educated engineers at Microsoft scratch their heads in awe

I think the original poster's point is that children should be allowed to make mistakes. Even dangerous ones, on occasion. A sterile, overprotective environment is anathema to a child's intellectual development. Indeed, this is observed in all primates, not just humans. The idea, I think, is to equip the child as best you can; to instill judgement and sense into their inchoate minds. Yes, punish them when they screw up. Yes, instill a healthy (not iron-fisted) discipline so they can grow up respecting themselves, and make intelligent choices. And, yes, sadly, you have to let them fall down once in a while. The risk you take in doing so is an investment in the child's psyche. Growing up is dangerous---it has to be, I think.

But where did you pull that 10-year-old hacker thing from, anyway? That was quite the non sequitur...

And, to borrow a phrase from my father, as long as you're living under my roof, eating my food, and using my phone, you're going to follow MY RULES

Well, that's fine. However, if you've done a proper job, one day your child will ask you where those rules come from, and their justification. You owe it to them to have a thought-out answer.

Telling a teen that something is dangerous is tantamount to challenging them to do it. Not productive.

Punishing a teen for doing something dangerous because "they could have been hurt" (even though they didn't get hurt) just encourages them to do it again to prove you wrong. Not productive.

"kids DON'T know it all" Completely stupid thing to say. Either your kid already knows he doesn't know it all (because you've done a good job of parenting), or he thinks he does, in which case he isn't going to listen. Not productive.

"Kids need guidance. They need discipline" They aren't going to listen to guidance. They're going to resent discipline and go out of their way to do exactly the opposite. Not productive.

"as long as you're living under my roof, eating my food, and using my phone, you're going to follow MY RULES" You have to be joking. Which planet, exactly, do you come from? Because here on earth, this isn't going to work. Unless you WANT your kid to draw up a big list of your rules, and work their way down it methodically?

Every one of my friends I know who had strict parents promptly rebelled at the earliest opportunity. In general, the worse the punishment assigned to an activity, the greater enthusiasm they pursued it with. And no, "discipline" isn't going to do a damn thing. You can't control every aspect of your kid's life.

The most religious guy I knew in high school was a real model student. He studied hard, didn't drink, smoke, talk to girls, or party. He went to university, and promptly went to a few parties, got drunk a lot, loosened up enough to meet some girls (with the aid of some pretty colored pills), moved in with one, and dropped out of uni.

His parents obviously did a piss-poor job of parenting, but they enforced their rules perfectly. He was the absolute epitome of the "perfect kid", except, of course, that he WASN'T. His parents hadn't taught him right from wrong, they had simply made him do what they thought was right, never realizing that HE didn't agree with them.

On the other hand, some of my other friends' parents did things differently. One guy turned down a joint that was being passed around. His parents (refugees from the 60's) had told him that pot wasn't evil, but it was best to try it the first time in safe surroundings, so if he wanted to try pot, to tell THEM and they'd find some. Years later, and AFAIK he still hasn't bothered to try something so boring his parents weren't fussed about it.

His parents had done an excellent job. They didn't enforce anything (as if that's even possible). But they had taught some ethics (by example, more than anything else, according to my friend).

If you really are a parent (and if so, I'm very happy I'm not your kid), you better either lighten up, or you'll get a very unpleasant surprise one day. No matter how cool you think it would be if you could control your kid, you can't. For most of their life, you will be unable to control them, and the greater the pressure you've put on them, the greater the urge to rebel when and where possible. It's not productive.

Can I just say I find it quite strange that Slashdot, of all places, is about the only forum where I even occasionally see serious debates of this nature, with participants from parent and youth generations?

It's Iraq, not the Palestinian authority, that's helping families financially when someone has committed their own body...

I'm sure some of it comes from Iraq, but you deny that a lot of it comes from Hamas elements in Palestine?

and that it's the Israelis that are occupying another country's land

Would that be the 1967 land that Israel won in the war when they were attacked by the palestinians, or the recent occupation as a result of the suicide attacks?

I'm not saying that Israel is totally blameless in anything, but the Palestinians are by far their own worst enemies [bbc.co.uk].

I MIGHT have some sympathy for the Palestinians when I see outrage in the streets over sending innocent children as suicide bombers. I don't see the Israelis doing that, which makes them morally superior no matter what else they might do, INCLUDING occupying every square inch of Palestine territory.

I'm not saying I'm an expert on that region, and know all the answers, but maybe YOU need to open your eyes, and realize that the tactics being used against Israel are not justified by any stretch of the imagination. But I guess it's easier to accuse others of having their eyes closed rather than look in the mirror.

... if the US would give the Palestinians a few Apaches I'm sure they'd rather use those to fight their oppressors than killing themselves.
Please, lobby for it so we might find out.

Dude, you are seriously deluding yourself if you think any significant number of people are going to support giving heavy weaponry to a corrupt dictatorship with a proven track record of murdering innocent children, both Palestinian and Israeli.

How about this, when the Palestinians stop oppressing themselves, then I might start being interested about who else might be oppressing them.

So you're saying that those are Iraqi children that are blowing themselves up in order to murder Jewish grandmothers having ice cream with their grandchildren and Palestinians are somehow wrongly getting the blame?

What your claim boils down to is that the Palestinians don't know right from wrong and are just damn fools who are taking money from Iraq, not realizing they are sending their kids off as human bombs. This is crap.

I hope someone sends a suicide bomber to kill you some day. When they do, I'll just shrug and say, "the bomber's not at fault; it's those damn Iraqis".

Really? Which death camps were being run by Israel in Lebanon in the 80's? Citations for your claim?

The massacres in refugee camps (not concentration or death camps) in Lebanon were performed by Lebanese Christians. Sharon's "crime" was that he should have known that the Lebanese would murder women and children. Whether or not he should have known, it's interesting that no one mentions any culpability on the part of the Lebanese Christians. It's always the Jews, even though no Jews actually took part in killing.

What's funny about your poll claim is that right after 9/11, Joseph Farah, an Arab-American, personally called on Arab-Americans to put themselves in camps. You can read about it in his archived columns on wordnetdaily.com. So, what, is he anti-Arab, too?

No, the question that was posed was stupid. If this poll actually took place (I'd like to see a cite), then the question was: would you lock up Arabs in the US IF it would stop terrorism. Notice the condition. Terror attacks stop when Arabs are locked up. Ask this question right after 9/11? Well, duh. Of course 60% said yes. I'm surprised it wasn't 90%.

As Farah pointed out in one of his articles (and I screwed up the URL, it's www.worldnetdaily.com), say that 99.9% of all Arabs in America were pro-American, against bin Laden, yadda yadda yadda. That would leave 7,000 Arabs in the US, dedicated to its destruction. And then idjits like you wonder why people support racial profiling.

You don't understand: I agree with neocon. I think it's absurd that Sharon is held responsible for actions taken by LEBANESE CHRISTIANS. What makes it doubly absurd is that no one is even remotely interested in charging a Lebanese Christian with this crime; it's only the Jews they are after, even though they had nothing to do with it.

As for why Sharon was found "indirectly responsible" for the massacre, after the Holocaust, Jews consider it the highest of crimes to turn your back when you even suspect that a massacre might occur. Note that if the UN was held to these standards, Kofi Annan would be up on war crimes charges for turning his back on Rwanda. He was in charge of peace keeping missions when genocide in Rwanda and Bosnia occurred, and shrugged his shoulders when it was clear what was about to happen in both places. Now he stands in moral judgement of Israel. What a fucker. I hope he's the first son of a bitch tried by the International Criminal Court, but it won't happen, because the ICC's job is to convict Jews.

And I wouldn't trust a European court for anything involving Jews. Europeans spent the better part of the last 1,000 years trying to kill every Jew they can find, and now Jews are supposed to take anything they have to say seriously? You've got to be kidding. I'm stunned that any Jews are still there. What, the Holocaust wasn't enough of a hint? You'd think that now that the Europeans are openly contracting the exterminate-the-Jews gig out to their recent Muslim immigrants, the remaining European Jews would get the picture and move back to their ancestral home in Israel.

It is commonly used by you, perhaps, but it's not common usage, nor correct. Learn how to fucking write, retard. I could make a four page post on errors you consistently make in your posts, it's just your almost insanely retarded misuse of "cite" is absurd.

However if you can show a comparative statistic of the usage of 'cite' for 'citation' across the English Internet as a whole, be my guest.

It's also not common at all in the University setting, something I'd know, being a Professor for 15 years.

This is the silliest argument I've ever heard. Out of ALL the polls and ALL the stories in ALL of the media, why would this ONE be buried? "The Jews did it" is your excuse? Why didn't the all-powerful Jews stop a billion other stories? Why this one?

This is how Occam's razor works: you pick the simplest explanation for an event. Either a few overseas newspapers were hoaxed (such as the Chinese newspaper that printed a story from The Onion as truth), or Jews at CNN have decided to take down a single poll that everyone else on the planet has forgotten.

"Wolf Blitzer Reports" runs every weekday, Monday-Friday. You need to find a report that was squashed between 9/11 and 9/29. Now, there is a hole in the archives between 9/10 and 9/16. I think it's because CNN dumped all of its regular coverage. You need to prove otherwise.

The original article is from Time, not CNN. It hasn't been hidden by a cabal of evil Jews. It wasn't by Wolf Blitzer (although he might have quoted it in some article that is no longer available). It can be found at: http://www.time.com/time/nation/article/0,8599,176815,00.html

The relevant portion is the end:

"On the homefront, Americans strong favor increased vigilance. A full 68 percent favor increased governmental wire-tapping authority, 55 percent favor email monitoring. Sixty-one percent would allow the federal government to jail any non-citizen terrorist suspect without a hearing; 59 percent favor holding suspects without bail for unlimited amounts of time. And 31 percent would allow the internment in camps of Arabs who are U.S. citizens. "

The way the question is worded doesn't sound like the question was "round up all Arabs." It sounds like "Arabs who are suspected of terrorist links" rather than locking up Jamie Farr and Tony Shalhoub. But since I didn't see the original questions (and since the quote from above doesn't say "ARE YOU IN FAVOR OF LOCKING UP ALL ARAB-AMERICANS IN CONCENTRATION CAMPS?"), I can't tell for sure.

Funny you should mention this. First of all, there was a great program on 20/20 last night, talking all about how the media hypes non-existent stories. News organizations blow things out of proportion all the time. It's how they get ratings and advertisers. So, yeah, I'd think that Wolf Blitzer and Heise could have blown this out of proportion. And since it looks like this wasn't an actual CNN "Wolf Blitzer Reports," but rather the transient text on the front page to that section of the web site (none of which archived), I don't think there's some dastardly Jewish plot to hide this information. And if Americans are as anti-Arab (and pro-Jew) as you say, then why would an anti-Arab poll be buried? At least be consistent with your crazy theories.

Secondly, you proudly proclaim your support for a people who, according to consistent polls, are not only in favor (by majorities, not minorities) of crimes against humanity (as Amnesty International has labeled Islamikazis), but actual genocide against Jews. This compares to a minority (less than 1/3) of Americans who may have been in favor of internment (not death or concentration) camps for Arabs in America, right after a cowardly sneak attack on Americans that killed 3,000 people (at the time of this poll, the death toll was projected to be over 5,000). Meanwhile, Palestinians resorted to murdering innocents (celebrating it in the streets and holy places, teaching it to their children) after rejecting several peace plans without putting forward an alternate proposal. What a deserving people.

Your claim to moral superiority is spurious at best, evil at worst. Which is it?

Yeah, they'll have all of their IT guys there saying, "Yes, it is policy to not purchase from those in an Anti-trust suit.", "Yes, we know there are alternatives.", "Yes, *nix is one of those alternatives, but unfortunately we all have MSCE certifications and dunno wtf to do with a machine that runs *nix, and we like our jobs."

Then questions will be directed to their managers, who will respond with, "No, we don't know what *nix systems are. Hell we don't even know what MSCE means, but everyone else was hiring them so we thought we should too.", "No, my machine is never stable for more than 24 hrs, and I don't know the difference between 95, 98, ME, XP, 2000, but they all have a pretty blue screen sometimes, right before I hit the reset button, so they must all be the same, right?"

*deep breath*
Good dog, you get a cookie. Bring 20 of your closest geek friends, and have them sit in pairs around the audience (if it's big enough). Write out a list of questions beforehand. Ask a question, and when they reply with a non-answer, have everyone do the whispering "we don't like what he just said" thing. Make sure when you are called on, state your name and your job (only if it's tech related, CompUSA don't count). Say that you've been following the issues on technical sites (don't mention Slashdot by name). Don't state your Linux enthusiasm. When talking about "other" choices mention QNX, BSD, Macintosh, and (THEN) Linux.

Bring a printout of information to read off. Bring flyers to distribute. Be informed. Don't do the "micro$oft Sux0rs!". This is about choosing the best OS, not about screwing Microsoft (well...). Try to be clear and concise. Get EVERYone you know to go, not just geeks. The more the merrier. Bribe them to go if you must. Get your local CS and law professors, computer teachers, etc. to offer extra credit to any summer class students they have. Local youth groups. Boy/Girl Scouts. Clerk from the local store. Get local gamers to go. Get your parents. Convince the local lawyers they'll be able to make a killing on the resulting lawsuits. Don't outright lie, just let people know that this *IS* important. Ask local stores if you can post flyers. Get permission from the cops if you have to and chalk the sidewalks (legal in some areas, not in others). Call up local businesses and talk to their system admins. Get them to go.

Invite MCSE's. If they show up, one of 3 things will happen: 1) They'll realize it's time to learn something new. 2) They'll try to put forth an argument how they'll have to learn new job skills and it would be bad. If that's the case pull a "I know COBOL - should we force everyone to go back to that?" 3) They'll actually give some insight to the benefits of Microsoft (this one is largely theoretical).

If they don't want to go, give them 3 examples of how Microsoft has SHAFTED consumers (I can't think of any besides the bsa/school system fiasco). It's best to tell them with flyer in hand. Let them know that apathy is gonna let Microsoft get away with worse, and it's already evident in the court case. This is their chance to stand up and make a difference. Once they're there, make sure you don't lose them. Use small words, and easy definitions. Get them involved. Use the Jargon file definitions. Include URL's of all references. Point them to the EFF if it's needed.

Perhaps offer to help the county set up a webpage for the people who are there to find out more. Offer your services. Try to come off as "this is a serious situation and it warrants everyone's attention. Thank you for listening." This literally has the chance to change the world...

Well, after about two hours (8:30AM to 10:30AM) I left the meeting with a much better feeling about my local County government - at least in the IT/IS groups.

Linden Thatcher, the CIO for Maricopa County, struck me as quite literate in the issues that were raised.

About 5% of the County IT/IS budget goes to Microsoft products, a vast majority of those being the 12,000 desktops they support. According to the statements Mr. Thatcher made, most of their "server-side" applications run on a mix of HP-UX and System V, with some apps running on Websphere.

There are currently a couple of internal projects running Linux/Apache to provide document publishing.

Mr. Thatcher has read "Ender's Game," and met Orson Scott Card (thank goodness we've got SOMEONE in the hierarchy who is not only literate, but READS!)

The Phoenix Linux Users Group people who showed up were very polite, and there was only one person in the crowd who seemed to be almost violently "anti-Microsoft."

First, the users. You have no idea how whiny users can be about what they are used to using. Example: recently a few computers using Eudora started having weird problems with e-mail. We still haven't nailed it down yet. Well Outlook Express (or Netscape Mail) on the same system works just fine. It's not an account problem, not a connection problem and we can't find a settings problem. Sooooo, the most logical conclusion is just to go over to another mailer. After all they are all REALLY similar, and the others aren't ad sponsored like Eudora. Nope, the users will have none of it. They like Eudora and refuse to use another mailer, even if they basically are the same thing.

Now some of you might say that you should just replace the users. Well, this just isn't really possible. With the IT staff, you can do this. You can tell them "It's your job to do the computers, we want you to do UNIX computers. Learn how or we replace you". If they fail to learn, you will actually be able to find replacements for them that can handle UNIX. However this is usually not the case with other employees. If you go and find a bunch of good lawyers, they are probably all set on the software they use and not flexible about changing (the ones I've known are this way). Well, you won't get much of anywhere trying to force them to use something they don't know/like. And replacing them won't do any good since the replacements are likely to be the same way.

Now even if you can get all your users to go along with this changeover, you then have the expense of retraining. We can argue till the cows come home about total cost of ownership and such and how much UNIX would save, fact is retraining the staff will be EXPENSIVE and there will be a large loss of productivity during the transition. This will be hard to justify to non-technical beancounters who see it as a totally unnecessary expense.

Then there is the problem of custom apps. Many businesses and government entities have custom software they need to use. This is often not cross platform. Well this then means that this software has to be rewritten and brought to a new platform. Again, expensive and time consuming.

So the problem is that you are trying to do something not only that a flunkie IT staff may not be prepared to handle but that is going to be very unpopular, very time consuming and massively expensive as well as a productivity hit. Well, this is hard as hell to justify and to push through. Especially the expense part. Managers shy away from large, upfront costs even if it means saving over the long run. You have to work hard to convince them it really will be a money saver, because if they are wrong about it, it's their ass.

Also there are some hidden costs with things like this. People are quick to point out that Linux is free and doesn't crash as much as Windows. However the problem is, as you mentioned, you need better tech staff to make it work. MCSE flunkies will not cut it. Well better people cost more money. In an organization with a few UNIX and Windows servers and lots of Windows desktops you can get away with a couple knowledgeable staff and then a bunch of people with a minimal (but still more than the users) technical knowledge to deal with little problems. Well if you tried to go all Linux you'd need to dump all those people and get a bunch of savvy admins. This costs more money.

At any rate, a total Linux/UNIX conversion of a large institution or business is possible, but can be very, very difficult.

"One solution worth trying would be to pay the lousy subscription for Eudora and remove the ads and their complexity and overhead."

That's up to the particular departments in question. I work for a different group (we use Outlook, OE or pine pretty much exclusively).

At any rate I don't think registering would do any good, what happens is for some reason it can't seem to talk to the SMTP server. It receives mail fine, but won't send. Oh and only some Eudora clients do this, others don't. Oh, and it just started like a week ago. My bet is it's a piece of software, maybe virus, that some people grabbed.

At any rate the point is most users are VERY resistant to change. Here we are asking them to change the tiniest thing, their mail client. The new one will work just like the old one (and it doesn't have to be OE, Netscape Mail/Mozilla Mail work just fine too) the only difference is it looks a little different. Nope, they'll have none of it. Can you imagine the whining and bitching if we tried to force a new OS on them? Especially if, god forbid, it didn't have Esheep.

What I want to know is, how can OpenBSD claim there have been no vulnerabilities in a default install in years when there have been so many coming out recently? Does the default install not include any network support or what? If OpenSSH is enabled by default, what kind of server OS is that?

OpenBSD simply closes off most services by default, meaning any holes in that service that are found aren't classified as "vulnerabilities in a default install." For example, telnetd is not running by default. If a hole is found in telnetd, then it doesn't affect OBSD's claim as it's not a default-enabled service. This is despite the fact that OBSD comes with telnetd.

For the services they do install by default, they mostly use older versions instead of the latest-up-to-date version. This gives the software a chance to mature, weed itself of security holes, and gives opportunity for OBSD developers to audit the code themselves before placing it into the default install.

Now as for OpenSSH, I don't know if it was an older version, as OpenSSH is written by the OBSD team. I would suspect that OSSH has had the flaw for some time (like the vast majority of flaws do), just not found until the past few weeks.

I am well aware of the recent problems, and made no reference to the change in their claim, so why bring it up?

Also, 2.3.1 (the earliest version vulnerable to the recently found problems) was released in 1998. 1998 is not 2002. So my suspicion that the bug was actually in the software for several years was correct. It wasn't until the past few weeks that it was found and patched. It was also yesterday that GOBBLES posted an exploit in an attachment called sshutup-theo.tar.gz. Yes, there was that extra s there.

FWIW, there is an often-referred-to BugTraq posting with a subject along the following lines: "Wu-FTP, providing remote root since 1994." The post was made during the year 2000.

Yes it has network support but there is very little turned on which is how it should be. If an OS comes locked down by default then you know exactly what is running as you must have started it (actually, add a "should" to that sentence). So when an advisory comes out for program foo even the dullest sysadmin can think "Did I enable that?" and conclude "Am I vulnerable?"

I've gotten both the Verisign and the DRA letter, and after reading both in light of the Verisign suit, the DRA letter is VERY clear that submitting the form back to them will switch your registry to them; this is printed on the front of the letter in the same type as the rest of the page. In the Verisign case, the transfer statement was printed on the back of the letter in fine print (with no indication there was something on the back). While somewhat tacky, I don't think DRA is in the wrong here, compared to Verisign.

Actually, I think they very well may be. Where did they get the address to send the advertisement to? I'm assuming the same place they got the expiration information - whois.

Most whois servers have a notice like the following, I've noticed:

"Any use of this data for any other purpose, including, but not
limited to, allowing or making possible dissemination or
collection of this data in part or in its entirety for any
purpose, such as the transmission of unsolicited advertising and
solicitations, is expressly forbidden without the prior written
permission of (Registrar). By submitting an inquiry,
you agree to these terms of usage and limitations of warranty."

My registrar's whois database has this notice. I got one of Verisign's sleazy notes as well (though I knew what it was, at least.) If I get one from DRA, I'll be complaining...

Most registrars don't tell you this because if they did, hey, they'd lose money, right? But if you use a decent registrar or read the ICANN agreement you'd know it. You can also opt out of it. Most sleazy registrars require you to write in or otherwise take a stupid amount of time to do it. That's why I like gandi.net: they're run out of France and have a big paragraph explaining it and radio buttons where the default is opt-out.

<blockquote><i>No snapshot of telephone penetration matters, because the issue is not amount but rate. If you care about the digital divide, and you believe that access to communications can help poor countries to grow, then pontificating about who has or hasn't made a phone call is worse than a waste of time, it actively distorts your view of the possible solutions because it emphasizes a statist attitude. </i></blockquote>

Wrong: it doesn't imply hopelessness, but rather encourages us to take action to change. Do you think that Kofi Annan wants us to throw up our hands and not care about the rate of improvement? No! By recognizing the magnitude of the problem, we can realize how important <i>more</i> improvement is. Just because things are improving doesn't mean we shouldn't be concerned about the huge inequalities that exist.

One theory is that Jesus became pure energy and the radiation burned the image into the cloth. This isn't a far fetched theory really. We don't know how He resurrected. As the theory suggests, He could have transformed into a form of energy. Einstein's famous equation E=mc² tells that matter can become pure energy. In fact this is the same concept of an atom bomb - matter becoming pure energy using radioactive material as a catalyst.

What makes this theory eerily realistic is that when the cities of Hiroshima and Nagasaki were bombed in World War II, there were some walls left standing. Etched on those walls were shadows of spiral staircases, statues, and even people. Hypothesis is that the atomic explosion etched the shadows of images onto the walls. So if matter becoming pure energy, such as an atomic blast, can etch images onto a wall, it is not far-fetched that Jesus's resurrection could have done the same thing to The Shroud - if he produced some kind of energy of some sort in the process of resurrection.

Hypothetically speaking (because I find the idea, to quote Mike Tyson, "ludacrisp") if Jesus were the energy source that etched this image on the linen, he wouldn't cast a shadow, now would he?

So in short, that shroud wouldn't have an image burned in; the shroud (along with a good deal of the surrounding tomb and Pilate's guards) would have been vaporised. :) ... the problem when applying human logic to Divine events...

if Jesus were the energy source that etched this image on the linen, he wouldn't cast a shadow, now would he?

No, but he could have left burn marks...

Granted this makes their explanation of shadows and Hiroshima completely unfounded, but it still doesn't eliminate the possibility. Personally the image looks rather unaesthetic to me.. is it proportional? Has this been measured?

Wow, that's really inane. Now I know why some people call some Christians morons... I'm a Christian myself, but I have had little awareness of all the hilarious "evidence" out there... Amazing that people think a big ball of radiation could walk out of the tomb and talk to Mary Magdalene...

This is assuming that the shroud even depicts Jesus. It seems one has to use circular logic to prove this (i.e. assume it is Jesus to prove it is Jesus, much like the problem with proving the existence of God.)

Besides, everyone knows we only discovered nuclear fusion in the 1940s. Sillies.

From that crucifixion photography link, the site shows us a very modern, very clear, very unrealistic (in my opinion) photo of an actual crucified foot [pixelworks.com.ph] (near the bottom of the page). Is it just me, or does that just look too nice and neat with carefully arranged (but not too messy) bright red blood? Thankfully I'm no expert on the subject, but it just looks so 'perfect'. Nice clean, attractive foot, nice rustic piece of timber (artistically angled for composition), artsy clouds in the background, carefully spread bloodflow on feet and wood, etc.

One obviously questionable assertion that they try to pass off in the details makes for a whole site of suspicion.

In "Carrying the cross" -- Christ's broken nose is attributed to the impact of his face hitting the ground as he fell while carrying the cross.

In "Death" -- The Gospel of John concludes that paragraph saying, "this was done so that scripture would be fulfilled that not one bone of His body be broken." And indeed, throughout the entire passion of Jesus, despite the extraordinary atrocities done to him, not one of his bones were broken.

I'd like to touch on a point not raised by the Shroud site. It stands to reason that Jesus was circumcised, being Jewish. So, when he rose to heaven, did he leave his foreskin behind?

Naturally, the power and popularity of relics was dependent upon the saintliness of the original "owner." The ultimate source of relics, of course, was Jesus himself. But there was just one problem: it is clear in the New Testament that after his resurrection, Jesus was "carried up to Heaven." Thus, there just wasn't any possibility of a church acquiring Jesus' head or foot, as happened with various saints. For the most part, the only Jesus relics available were things like his crown of thorns, his robe, his sandals, or even pieces of the "True Cross."

But then some astute theologian - or was it a businessman? - realized that not all of Jesus' body could have been actually transported up to Heaven. Jesus was, after all, a faithful Jew, and as such, he would have been circumcised like every other boy. So where was his foreskin? Whatever happened to that bit of divine flesh?

And thus began a search for a very odd "Holy Grail" which resulted in not one, but up to a dozen different holy foreskins, each competing to be the genuine article. Of course, one presumes that they could not all be genuine and I am not aware of anyone who tried to argue that the unusual bounty was a miracle akin to the loaves and fishes.

He said all one had to do was suspend a corpse for three to four days in sunlight.

I'd like to formally apologize to Sears Photo Studio [searsportrait.com] for ever having complained while sitting through those family portraits back in the '70s. In retrospect, you were surprisingly gentle with me.

Research does show that it is very likely that Vermeer used the camera obscura to obtain an image. He would be in a darkened room with an image projected on to the canvas. On some of his pictures details are "out of focus". However, you can hardly call what he did a photograph as all he did was use the camera obscura to obtain the basis for a painting. Had he chemically burned the image onto the canvas then you may have a case for an early photograph.

Disclaimer: I don't want to know this so I can run around and r00t a bunch of machines. I'm genuinely interested, since the flaw wasn't immediately apparent to me when I glanced at the patch a few days ago.

With that said - does anyone have an analysis/description of where in the source the overflow was actually exploitable? I followed the auth_chall2.c call path fairly far, and didn't manage to find where nresp > 100 would actually overflow. It doesn't seem to be exploitable in the xmalloc() immediately following the patch, unless I really missed something. I didn't trace into openssl, so if it's an interaction between the two libraries, I wouldn't have hit it.

Basically, the sizeof(char*) will return 4 on a normal x86 machine... which means that if nresp is greater than one-fourth of 0xffffffff (UINT_MAX), i.e. over 0x4000000, then you overflow xmalloc(), which is just a wrapper function for standard malloc().
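
The arithmetic described in the reply above, shown next to a bounded allocation, as an added example that is not part of the original thread and is not OpenSSH source. It assumes the 32-bit x86 case from the comment (4-byte pointers, 32-bit `size_t`, modelled here with `uint32_t`); all function names are hypothetical, and the limit of 100 is the `nresp > 100` bound mentioned in the question.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the 32-bit x86 case from the thread: sizeof(char *) == 4 and
 * size_t is 32 bits wide. All names here are hypothetical. */
#define PTR_SIZE_32   4u
#define MAX_RESPONSES 100u   /* bound taken from the "nresp > 100" check */

/* Byte count an unchecked "nresp * sizeof(char *)" yields on 32-bit:
 * the product is reduced modulo 2^32. */
static uint32_t unchecked_alloc_size(uint32_t nresp)
{
    return (uint32_t)(nresp * PTR_SIZE_32);
}

/* Bytes the caller actually needs, computed without wrapping. */
static uint64_t needed_size(uint32_t nresp)
{
    return (uint64_t)nresp * PTR_SIZE_32;
}

/* Generic guard: refuse any count whose byte size cannot be represented. */
static int checked_alloc_size(uint32_t nresp, uint32_t *out)
{
    if (nresp > UINT32_MAX / PTR_SIZE_32)
        return 0;
    *out = nresp * PTR_SIZE_32;
    return 1;
}

/* Hardened allocation: protocol bound first, then calloc(), whose
 * count * size multiplication is overflow-checked by conforming C libraries. */
static char **alloc_responses(uint32_t nresp)
{
    if (nresp == 0 || nresp > MAX_RESPONSES)
        return NULL;
    return calloc(nresp, sizeof(char *));
}

int main(void)
{
    /* Constructed sample counts, not taken from any real traffic. */
    const uint32_t samples[] = { 3u, 100u, 101u, 0x3fffffffu, 0x40000000u, 0x40000001u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i], safe = 0;
        int ok = checked_alloc_size(n, &safe);
        char **p = alloc_responses(n);
        printf("nresp=0x%08x requested=%u needed=%llu size_ok=%d bounded=%s\n",
               (unsigned)n, (unsigned)unchecked_alloc_size(n),
               (unsigned long long)needed_size(n), ok, p ? "accepted" : "rejected");
        free(p);
    }
    return 0;
}
```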

I think the first thing(s) I would try to clone if I could would be anything resembling human DNA in the shroud. It would be hilarious if some blond/black Chinese guy (or even girl) came out of the cloning!

Anyone who runs SuSE Linux from version 6.4 through version 8.0 inclusive may be interested in this.

SuSE's "SuSE-Security-Announce" mailing list released this [suse.com] post today regarding their response to the OpenSSH vulnerability. It contains a ton of information, and FTP links to update your OpenSSH packages for the aforementioned versions of SuSE's distribution.

No it is pretty clear the shroud of turin was constructed in a similar (but more complicated) manner as rubbing a pencil over a sheet of paper held on top of a credit card. In other words they put the shroud on top of some statue and then imprinted that on the shroud.

The only reason someone would claim the shroud was a photograph is because it is a negative image like negatives are. In no way shape or form was a picture taken involving pinhole cameras and the like. I mean good photosensitive materials were a long way in coming still.

For all of you Linux/BSD advocates that are obviously drooling over this oh-so-cool-good-vs-evil "struggle"... I can categorically assure everyone that this will never happen. Never.

As someone who regularly consults at the county, city and AZ state agency level, I hate to inform y'all that this is very much a Microsoft kinda town. Yep, you heard it here first.

Further, Maricopa county is small potatoes when compared to the state and city agencies/IT budgets. Scottsdale's (one of the valley's cities) CIO probably has four times the dough than the dude that runs the county's boxen. Not to mention Phoenix city proper. And Tempe, Chandler, Mesa, etc. etc. Oh, and the state government.

And of course, government agencies are the least prepared to transition an existing employee base to a brand new technology paradigm, regardless of the cost benefits this might theoretically bring (or how supposedly easy it is to switch to Linux/KDE/OSS Office suite).

Several counties in California would fit the description you gave, but about 4 years ago they switched to BSD and/or Linux. The transition was as smooth as any Windows upgrade. "Retraining" took almost no time. Considering how far the UI has come, it's only got to be easier to migrate. As soon as someone with political power realizes it's their ass if MS screws up, they tend to rethink things. What do you think would happen if the BSA showed up at the mayor's office to check their licenses?

If you live in the Phoenix Metro area, this is your big chance to make a great impression, show interest in your local government, and learn something too -- I mean, this is great-- the people who make important decisions about the county's technology are going to be LISTENING to you-- aside from the inevitable rips on Microsoft (easy to do), be sure to play up the cost-benefits and reliability of Linux and *bsd as viable alternatives. Have some printed materials (or CD-ROMs?) to give out.

If you seem too fanatical or "out there", you may scare them off-- it's easy to dismiss a lunatic, even when they're right. So please don't dress like Obiwan;) A well-thought out, reasoned discussion about the benefits of open source software may make a tremendous difference if you can reach the right people and they are truly open to change.

Good luck everyone! Let us know how it works out Monday! Someone call the Arizona Republic [arizonarepublic.com] and New Times [phoenixnewtimes.com]. (And be on the lookout for a counter-offensive from Microsoft).

``the Shroud of Turin may have been an earlier example (substantially earlier) of photography using ingredients as basic as egg-white for treating cloth (the photopaper) and urine for developing it.''

Now while I'm wondering how someone decided that oysters were edible, I can wonder how someone figured out 2000 years ago that urinating on an egg-white soaked cloth would produce a recognizable image. I know that things like gun cotton and Bakelite were discovered by accident but this egg-white thing I'm finding a bit hard to believe. But I would sure like to see a Mel Brooks bit on that historic moment.

I'm glad there's going to be a hearing (re: Maricopa) but I believe that everyone there will simply be clarified on the spirit of that law, which is to give the County a means to unilaterally sever a contract IF THEY WANT TO, and establishes some reasonable grounds to do so, probably limited by what's appropriate to the State constitution.

I don't read the statute as a binding mandate on the county to stop doing business with a contractor, but rather, as an escape valve that they may exercise if they so choose.

I suspect that everybody who shows up Monday will be told as much, if the matter is even addressed. I'll try to be there...

Hello,
I am a member of PLUG and have RSVP'd for the meeting and was going to post a request to the Slashdot community for documentation on successful conversions from M$ to Linux, including articles or links to sites, so I can go armed with some facts on government conversions including military, local, state, federal, school systems (many of our school systems in AZ use the same rules for contractors as the county does), etc. For instance, about those schools in the northwest that converted their labs recently.
Thanks, just reply to this thread and I will keep an eye out for it, or email me at the above address.

You recently inquired about the County's use of Microsoft products and the manner in which we license their software.

You got my ass raked over the coals by the Board of Supervisors. Goddamned Linonuts.

We appreciate your interest in the County's technology plans.

I'm damned tired of you taxpayers poking your nose into how I waste, errr I mean spend, your money. If you'd all just die now, it would make my career that much easier.

To provide a forum in which to discuss our
technology direction and address any questions you may have, we will have Information Technology staff members available to meet with citizens at
8:30 am on Monday July 8th.

I'm gonna have enough MCSEs at that meeting to outnumber you commie hippy Linonuts two-to-one. And Microsoft plans on having every OEM and VAR in the valley there too.

Please RSVP your attendance so we can ensure that adequate facilities are available
for the meeting.

I'm making sure that most of the audience will be Microsoft shills, and the place will be so crowded by sunrise you won't even get inside. There'll be enough of us to make you look pretty stupid if this gets on TV. But it probably won't.

well, it may be among the largest, but probably NOT among the most populated. I suspect one of NYC's 5 counties to be the most populated.

You're welcome to suspect that, but you'd be wrong [census.gov]. Maricopa is fourth, and grew at a pretty healthy rate of 4% from April 2000 to July 2001. New York's Kings county is seventh, by the way.

There's also a very shallow learning curve! And I'd like to reiterate your point about the upgrade treadmill--I've had my kernel installed since...gosh, it must have been mid-June when I d/l'd and compiled this baby. And XP's latest patch came out what, last week? HAHA, M$ SUXORS!

It'll also be pretty sweet when all that GPL'd, SouthWest-oriented county management software can finally get used. It's been ramping up in usability on SourceForge [sourceforge.net] for literally months and it's time to give that stuff a spin around the block!

MS likes to think its EULAs are binding contracts. Therefore, if the EULAs are valid, then there is a contract between the county and MS. Conclusion: Whenever someone in the county installs any MS product, MS is de facto a contractor.

Alternate conclusion: MS wants its products used, and has to admit the EULAs aren't binding contracts in order to not be considered a contractor. All EULAs are then admitted by Microsoft to be invalid.

The point is that MS and other software companies are trying to deny they are suppliers of goods. That would imply a sale, which would give the consumer rights under law, and they don't want that. They are instead saying they are implementing a licensing program where there is a license (contract) between the consumer and the vendor to use the software. They are therefore contractors.

This actually falls within one of the parts of TCO that I've heard mention here. A careful company would have the lawyers review every EULA very carefully for every piece of software installed by every employee. The reason being that an employee would be entering the company into a legal contract (click-wrap) without prior legal review.

My domains are registered through Go Daddy. I used them because they were cheapest and a friend recommended them to me. To date (several months), I have received no spam from them other than a notice warning me about Verisign's nasty renewal notices, and a recent notice about how they're making domain transfer free. Also, my normal flow of spam didn't noticeably go up after registering. So while I'd agree that most registrars are scumbags, I gotta say I'm very happy with Go Daddy. So far, at least.

Yeah, that's right, register.com may be "aware" of other slams, but they are at least as bad. In fact, they are the only registry that has attempted to trick me into a "renewal" slam. I got the official-looking notice referring to my 5 domains just last week.